Skip to main content

Privacy Policy

Last updated: 15 July 2026

This Privacy Policy explains how Visibilitas (“Visibilitas”, “we”, “us”), operated by RIT Services GmbH, collects, uses, and safeguards personal data when you use our website and platform (the “Service”). We are the data controller for the personal data described here. Questions? Contact us at privacy@visibilitas.de.

1. Data we collect

  • Account data — name, email address, password hash, organization name, and role, provided when you register or are invited to a workspace.
  • Billing data — plan, subscription status, and payment metadata. Card details are processed by our payment provider (Stripe) and are never stored on our servers.
  • Project data — the domains, keywords, and competitors you add so we can run SEO crawls, SERP tracking, and Generative Engine Optimization (GEO) analysis.
  • Connected Google accounts (optional) — if you connect Google Search Console or Google Analytics, we store an OAuth token (encrypted at rest) and read read-only performance data for your own verified properties — search clicks, impressions, rankings, sessions, engagement, traffic sources, and countries — to display it on your Audience dashboard. You can disconnect at any time, which deletes the stored token. See “Google user data” below.
  • Usage & device data — log data, IP address, browser type, and product interactions, used for security, debugging, and improving the Service.
  • Cookies — strictly-necessary cookies for authentication (httpOnly session and refresh tokens) and preferences. See “Cookies” below.

2. How we use data

  • To provide, maintain, and secure the Service and your account.
  • To process payments and manage subscriptions.
  • To run the analyses you request (crawls, keyword research, LLM citation checks).
  • To communicate service, security, and billing notices.
  • To comply with legal obligations and enforce our Terms of Service.

3. Legal bases (GDPR)

Where the EU/UK GDPR applies, we process personal data on the bases of performance of a contract (providing the Service), legitimate interests (securing and improving the Service), consent (where required, e.g. non-essential communications), and legal obligation.

4. Sub-processors and third parties

We share data with vendors that help us operate the Service, under contractual data-protection terms. These include hosting/infrastructure, payment processing (Stripe), error monitoring, email delivery, and the search-data and AI providers used to generate your reports (including Google APIs when you connect Search Console or Analytics). We do not sell personal data. A current list of sub-processors is available on request.

5. Google user data

When you connect Google Search Console or Google Analytics, we access Google user data through Google APIs using the read-only scopes webmasters.readonly and analytics.readonly. We use this data solely to display your site’s search and audience metrics inside the Service. We do not use it for advertising, do not sell it, and do not transfer it to others except as needed to provide or secure the Service (or where required by law).

Visibilitas’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. OAuth tokens are encrypted at rest; the fetched metrics are cached only to render your dashboard and are removed when you disconnect the integration or delete the associated project. You can revoke our access at any time from the Audience page (Disconnect) or via your Google Account permissions.

6. International transfers

Data may be processed in countries other than your own. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

7. Data retention

We retain personal data for as long as your account is active and as needed to provide the Service, then for the period required to meet legal, accounting, or reporting obligations. You can request deletion as described below.

8. Your rights

Subject to applicable law, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing or withdraw consent. To exercise these rights, contact privacy@visibilitas.de. You may also lodge a complaint with your local data-protection authority.

9. Security

We use technical and organizational measures including encryption in transit (HTTPS/HSTS), tenant isolation, hashed credentials, and access controls. No system is perfectly secure, but we work to protect your data and will notify you of breaches as required by law.

10. Cookies

We use strictly-necessary cookies to keep you signed in and to remember preferences such as language. We do not use third-party advertising cookies. You can block cookies in your browser, but the Service may not function correctly without the essential ones.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect their data.

12. Changes to this policy

We may update this policy from time to time. Material changes will be posted here with an updated “Last updated” date and, where appropriate, communicated to you directly.

13. Contact

RIT Services GmbH, Am alten Güterbahnhof 57, 50825 Köln, Germany — privacy@visibilitas.de.